ok after being banned from playing CS, got tired from playing 20+ games and finishing it, i decided to play ROSE again. ^_^
to those of you who have the infected files and wishes to run the server, you could alternatively run it in a sandbox. currently im in the process of analyzing the binaries. i've learned that the iRose server files have been packed with Morphine. if i can find an unpacker and successfuly unpack it, i could post the server files here. I don't know if it is really binded w/ a trojan, since the only changes done are from the registry and there are no dropped files in the system directory. I can assume some av's detect morphine packed files as viruses.
in the meantime, here's how it looks:
in theory, your system should not be infected because once the processes are terminated changes would be reverted back to its previous state
i haven't worked it out yet, the configuration and stuffs, i'll try to update this thread once there have been several developments. to those who know how to configure this, maybe u could give me a hand? :-)







